Method and apparatus for detecting arbitrary account password reset logic vulnerability, and medium
US12317080B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 8, 2021 |
| Grant date | May 27, 2025 |
| Priority date | — |
| Expiry date | Mar 13, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04W12/61
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Disclosed are a method and apparatus for detecting a logic vulnerability allowing arbitrary password reset for an account, and a computer readable storage medium. The method includes: invoking a preset identification program to determine whether a request for a verification code is initiated in a to-be-detected webpage; obtaining, from a front-end page, a response packet sent in response to the request for a verification code, and determining whether there is a short message service (SMS) verification code in the response packet, on determining that a request for a verification code is initiated in the to-be-detected webpage; and; and determining that the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, on determining that there is an SMS verification code in the response packet.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.